b'       Office of Inspector General\n\n\n\n Law Student\nObserver Program\n\n            June 29,2006\nInvestigative Memorandum No. G-444\n\x0cINVESTIGATIVE MEMORANDUM ON\nMANAGEMENT ISSUES (G-444)\n\n                                                                                June 29,2006\n\nTo:      Jeffrey Risinger\n         Linda Thomsen\n\nFrom: Walter Stachnik\n\nRe:      Law Student Observer Program (OIG-444)\n\nDuring an investigation recently conducted by the Office of Inspector General (OIG-\n444), we learned that unpaid interns who are not U.S. citizens work at the Commission\nthrough the SEC\'s Law Student Observer Program. The Division of Enforcement\nadministers this program, although the interns work in various Commission divisions and\noffices. The interns are not SEC employees, but are required to abide by certain portions\nof the Commission\'s conduct regulations, including those pertaining to securities\ntransactions, conflicts of interest and confidential information.\'\n\nWe found that improvements could be made in the procedures for selecting non-U.S.\ncitizen interns and determining what access these individuals are given to non-public\nCommission information and databases.\n\nThe Office of Human Resources (OHR) processes the background check for the interns\nselected through the Law Student Observer Program. Currently, a three-step background\ncheck is performed for unpaid interns: a fingerprint check, FBI name check, and credit\ncheck. No inquiry is performed into potential conflicts of interest, e.g.,whether the\nindividual is an agent of, or is paid by, a foreign government.\n\n\n\n\n1\n The number of interns has varied in the past. The fall 2006 program will include 48 interns, nine who are\nnot U.S. citizens.\nL\n  Homeland Security Presidential Directive (HSPD) 12 and Federal Information Processing Standard\n(FIPS) 201 established a government-wide standard for the background investigationsto be performed for\nemployees and contractors who require long-term access to federally controlled facilities and/or\ninformation systems. According to the Office of Management and Budget (OMB) guidance on the\nimplementation of HSPD 12 (M-05-24), applicability of the standard to volunteers is an agency risk-based\ndecision.\n\x0cOnce they begin work, non-U.S. citizen interns are given access to the Commission\'s\ncomputer network, in the same manner as other interns and paid staff. These interns are\nalso given access to non-public databases, as requested by the divisions or offices where\nthey work. The unpaid interns do complete OIT security awareness training, and certify\nthat they are subject to the Commission\'s rules concerning confidential or non-public\ninformation.\n\nThe Office of International Affairs (OIA) provided information regarding an informal\n"secondment" program for hosting professional staff fiom foreign securities authorities\nthat might assist the OED and the Division of Enforcement in enhancing controls over the\nLaw Student Observer Program. In particular, OIA has drafted guidelines for\nconsideration of secondments that, among other things, require foreign professional\ninterns to undergo a comprehensive background check conducted by the Department of\nState. In addition, OIA has begun to draft individual terms and conditions for\nprofessional foreign staff coming to the SEC on an unpaid basis, which address\nconfidentialityand conflicts concerns.\n\nIn order to prevent possible conflicts of interest and to fiu-ther protect the Commission\'s\nconfidential and non-public information, Commission controls pertaining to non-U.S.\ncitizen interns selected through the Law Student Observer Program should be improved.\n\n       Recommendation A\n\n       The OED, in consultation with the Division of Enforcement, OHR and OIA,\n       should consider performing additional background and conflict of interest checks\n       for unpaid interns, particularly those who are not U.S. citizens. In determining\n       what background investigation will be performed for these interns, the provisions\n       of Homeland Security Presidential Directive (HSPD) 12 and Federal Information\n       Processing Standard (FIPS) 201 should be considered.\n\n       Recommendation B\n\n       Once the interns have been selected for a semester, the Division of Enforcement\n       should provide the OED with a list of all incoming unpaid interns who are not\n       U.S. citizens, and the divisions or offices where these interns will be working.\n\n       Recommendation C\n\n       The OED, in consultation with the Office of Information Technology (OIT), OIA,\n       and the divisions and offices where non-U.S. citizen interns work, should\n       determine what, if any, access these interns will be given to confidential or non-\n       public Commission information and databases, and whether any additional\n       controls should be implemented in this area.\n\x0c      Management Response\n\n      The OED agrees that better oversight of the background investigation process and\n      a review of information access would strengthen the Law Student Observer\n      Program and provide a better level of protection for the agency.\n\n\ncc:   Corey Booth\n      Peter Bresnan\n      Brian Cartwright\n      Scott Friestad\n      Joseph Gerrity\n      Darlene Pryor\n      Carol Smith\n      Ethiopis Tafara\n      Peter Uhlmann\n      John Walsh\n\x0c'